- Buffer overflow checking
What is a buffer overflow? Simply put, a buffer overflow is writing data outside a designated memory block once that block is full. VirusScan 8.0i uses pattern files to detect buffer overflows.
To configure buffer overflow checking, launch the VirusScan console, right-click Buffer Overflow Protection and select Properties.
A window appears that allows you to enable buffer overflow protection in either Warning or Protection mode. Warning mode records the activity in the log but does not block the process that is detected as causing a buffer overflow. Protection mode stops a process that is detected as causing a buffer overflow. You can also add exclusions (to exclude certain processes) and enable an on-screen pop-up notification of detections.
It is recommended that this feature be enabled in Protection mode (default).
- Script blocking
Script blocking is behavioral blocking of potentially malicious Java and VB scripts.
It is designed to prevent malicious Java and VB scripts from running. To enable or disable script blocking, open the VirusScan console, right-click On-Access Scanner and select Properties. Select the ScriptScan tab and check or uncheck the checkbox to enable or disable ScriptScan.
ScriptScan is enabled by default. It is recommended that this feature be disabled by unchecking the Enable ScriptScan box and selecting Apply.
- File blocking
File blocking uses VirusScan to lock down or block access to shares, directories and files.
To enable, disable or create rules, launch the VirusScan console, right-click Access Protection and select Properties. Select the File, Share, and Folder Protection tab.
The window that appears shows the rules that are entered into VirusScan. The ones that are checked are enabled. You can create your own rules by selecting Add, or modify a current rule by selecting Edit. The rules allow you to block write and create access to directories on the machine. Be very cautious when creating rules so that you do not block patches or useful programs and services. Additionally, you can block all shares or make all shares read-only regardless of the permissions set on the share itself.
It is recommended that this feature be disabled by unchecking all of the rules and selecting Apply.
- Potentially unwanted programs
What are they? – Programs you may consider unwanted such as Adware, Spyware, Jokes or other programs you do not wish to have running on your machine.
To enable, disable or create rules, launch the VirusScan console, right-click Unwanted Programs Policy and select Properties.
By default the Unwanted Programs Policies are not enabled. From this window you can choose which policies to enable by checking the checkbox next to each category of programs you want VirusScan to look for. You can also set exclusions to tell VirusScan what not to look for. It is recommended that this feature be enabled to detect Adware, Spyware and Dialers. To enable the feature, check the Spyware, Adware and Dialers boxes and select Apply.
Selecting the User-Defined Detection tab brings up a window that allows you to specify programs or files that you do not want on your system. Be very cautious when creating rules so that you do not block patches or useful programs and services. This can also be used to block or delete a new virus that the current DAT file does not yet detect. To set such a rule you need to know the name of the virus file and the directory in which the virus file is created. To create a new rule, select Add; to modify an existing rule, select the rule you wish to edit and then select Edit.
- Firewall-like capabilities
VirusScan 8.0i includes the ability to block both TCP and UDP ports, inbound and outbound. The ports blocked by default are 25 outbound and 6667-6669 inbound and outbound. The blocking rules may be modified to allow exceptions by program (e.g. Outlook.exe).
To enable, disable or create rules, launch the VirusScan console, right-click Access Protection and select Properties.
The window that appears shows the rules that are entered into VirusScan. The ones that are checked are enabled. You can create your own rules by selecting Add, or modify a current rule by selecting Edit. It is recommended that this feature be disabled. To disable this feature, make sure all the rule checkboxes are unchecked, then select Apply.
To download a Microsoft Word document with screenshots that describe the advanced features of VirusScan 8.0i, click here.